CompTIA Security+ Certification Guide

By : Ian Neil

Overview of this book

CompTIA Security+ is a worldwide certification that establishes the fundamental knowledge required to perform core security functions and pursue an IT security career. CompTIA Security+ Certification Guide is a best-in-class exam study guide that covers all of the CompTIA Security+ 501 exam objectives. It is authored by Ian Neil, who is a world-class trainer of CompTIA Security+ 501. Packed with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to succeed in the exam the first time you take it. Using relevant examples, you will learn all the important security fundamentals, from certificates and encryption to Identity and Access Management concepts. You will then dive into the important domains of the exam; namely, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, and cryptography and Public Key Infrastructure (PKI). This book comes with over 600 practice questions with detailed explanations at exam level, and also includes two mock exams to help you with your study plan. This guide will ensure that encryption and certificates are made easy for you.

Answers and Explanations

  1. Confidentiality means only allowing those authorized to access data. Integrity means that data has not been tampered with. Availability means that data is available when you need it, for example when purchasing an airline ticket.
  2. We could place a CCTV camera in a prominent location as a deterrent; people walking past cannot tell whether it has film in it or not, so its presence alone deters them.
  3. Confidentiality means that we are limiting access to data to only those who should have access.
  4. To stop people entering a data center, we would install a mantrap, a turnstile device, so that we can control who accesses the data center, one at a time.
  5. An air gap is exactly what it says on the tin: a physical gap between your network and a machine. You might use an air gap, for example, between a research and development machine and the corporate network. You have basically isolated a system.
  6. Administrative controls could be writing a new policy to make the company run smoothly; we may have just implemented change management. You could implement a new form to ensure that all of the data required for an application is supplied. We could run an annual security awareness training day, complete a risk assessment, or perform penetration testing.
  7. Physical control is huge. Remember that these can be physically touched. You can choose three from: cable locks, laptop safe, biometric locks, fences, gates, burglar alarms, fire alarms, lights, security guards, bollards, barricades, a Faraday cage, key management, proximity cards, tokens, HVAC, an air gap, motion sensors, and cameras and biometric devices such as an iris scanner.
  8. If we investigate an incident, we need to collect all of the facts about the incident; this is a detective control. Think of a detective such as Sherlock Holmes who is always investigating mysteries.
  9. If we hash the data before and after, and the hash value remains the same, then the integrity of the data is intact. If the second hash is different, the data has been tampered with.
  10. A corrective control comes into play after an incident has happened and we want to put the situation right. For example, if the hard drive on my laptop fails, then I will purchase a new hard drive, put it into my laptop, install the operating system and applications, then obtain a copy of my data from a backup.

  1. Hashing is a technique that lets you know if data has been tampered with, but it does not hide the data.
  2. If the same data is hashed by two different applications that both use SHA1, then the hash value will be the same.
  3. HMAC provides data integrity and data authentication. You can use HMAC-SHA1 or HMAC-MD5.
  4. If I change firewall rules, I am doing this to reduce risk; it is carried out by administrators, therefore it is a technical control.
  5. A smart card is a credit card-type device that has a chip built in; once inserted into the keyboard or USB card reader, you will then be asked to enter a PIN.
  6. The person who stores and manages classified data is called the custodian. The person who gives access to the classified data is the security administrator. Prior to getting access to the data, the person may well be vetted.
  7. In the DAC model, the data is unclassified and the data creator, who is also called the owner, will decide who gains access to the data and its classification.
  8. Least privilege is a principle that says people should be given only the minimum access to data that they need to perform their job.
  9. SELinux uses the MAC model to control access to data; it is the secure version of Linux.
  10. In Linux, the permission 777 gives the owner (the first digit), the group (the second digit), and all other users (the third digit) read, write, and execute. In symbolic form it could also be written as rwx for each of the three.
  11. The Linux permission for execute (x) allows you to search for or view data.
  12. An access control method that applies either a time restriction or location restriction is called rule-based access.
  13. A subset of a department with access to a subset of duties is called role-based access.
  14. The defense in depth model has many different layers; the idea behind this is if one layer is broken through, the next layer will provide protection.
  15. When someone leaves the company, we should disable their account rather than delete it, so that the keys associated with it are still available. The next stage is to change the password so that nobody can access it, especially the person who has just left.
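The hash-before-and-after integrity check (answer 9 in the first list) and the difference between a plain SHA1 hash and HMAC-SHA1 (answers 1 to 3 in the second list), as an added Python example that is not part of the book; the message, the tampered message and the shared secret are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from the book): a message and a tampered copy.
ORIGINAL = b"Transfer 100 GBP to account 12345"
TAMPERED = b"Transfer 900 GBP to account 12345"
# Hypothetical secret shared by sender and receiver, known to no one else.
SECRET_KEY = b"hypothetical-shared-secret"


def sha1_hex(data: bytes) -> str:
    """Plain SHA1: tells you whether data changed, but not who produced it."""
    return hashlib.sha1(data).hexdigest()


def hmac_sha1_hex(key: bytes, data: bytes) -> str:
    """HMAC-SHA1: integrity plus authentication, since it needs the key."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def integrity_intact(hash_before: str, data_after: bytes) -> bool:
    """Answer 9: hash before and after; matching hashes mean integrity is intact."""
    return hmac.compare_digest(hash_before, sha1_hex(data_after))


def hmac_check(key: bytes, data: bytes, tag: str) -> bool:
    """Receiver recomputes the HMAC with the shared key and compares in constant time."""
    return hmac.compare_digest(hmac_sha1_hex(key, data), tag)


def demo() -> dict:
    hash_before = sha1_hex(ORIGINAL)
    # Two independent "applications" hashing the same data with SHA1 agree (answer 2).
    other_app = hashlib.sha1(ORIGINAL).hexdigest()
    # Anyone who alters the message can recompute a plain hash, so a hash on its own
    # proves nothing about origin; only the holder of the key can produce a valid HMAC.
    genuine_tag = hmac_sha1_hex(SECRET_KEY, ORIGINAL)
    forged_tag = hmac_sha1_hex(b"guessed-key", TAMPERED)
    return {
        "same_sha1_across_apps": hash_before == other_app,
        "original_intact": integrity_intact(hash_before, ORIGINAL),
        "tampered_intact": integrity_intact(hash_before, TAMPERED),
        "plain_hash_recomputable_by_anyone": sha1_hex(TAMPERED) == hashlib.sha1(TAMPERED).hexdigest(),
        "genuine_hmac_accepted": hmac_check(SECRET_KEY, ORIGINAL, genuine_tag),
        "forged_hmac_accepted": hmac_check(SECRET_KEY, TAMPERED, forged_tag),
        "tampered_data_with_genuine_tag_accepted": hmac_check(SECRET_KEY, TAMPERED, genuine_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```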